4. Create Internet Only Guest Access on my LAN

Create Internet Only Guest Access on my LAN

  • M

    I have a simple network and would like to restrict guest access to the internet only while allowing all other devices unrestricted access.

    The basic net:

    Internet <--> modem/router <--> LAN

    I have a distant area with a single ethernet cable running to it. A switch connected to the cable has:

    • WiFi hub for "Guests". <<<< This is what I want to restrict to internet only
    • Two other devices that need full LAN and Internet access

    I do not have physical security for the devices so someone could see what devices are connected (along with their MAC on a label). Someone could easily plug into the switch or WiFi router.

    I'm pretty sure that putting a pfSense device between the LAN and the guest switch is the way to go:

    Internet <--> modem/router <--> LAN <--> pfSense <--> guest switch

    But I'm not sure it would work and there seems to be more than one way to do it.

    Bottom line for devices connected to the guest switch:

    1. Any traffic coming from the guest WiFi should only go to the Internet with no access to devices on the LAN (other than, I assume, the modem/router).

    2. Any traffic from just the two other devices should have full access.

    3. Any other device should be blocked.

    Can a pfSense device like an SG-1100 do this? How?

    Thanks!

    0 1 Reply

  • @mayall

    The WiFi part is easy enough, just use a VLAN and 2nd SSID. However, if someone has physical access to the network, there's not much pfSense can do, other than perhaps mapping IP to MAC address and not allowing any other addresses via DHCP. However, that wouldn't stop someone from manually configuring an address.

    0
    M
     1 Reply
  • M

    @JKnott Thanks!

    Using the SG-1100 I'd create the VLAN for only the guest WiFi router, correct?

    It sounds like I could make the rest of the net that is connected to the guest switch somewhat more protected but someone could hack it with the correct tools. That would probably be enough to keep out the casual hacker and probably good enough.

    0
  • A

    When you say "Two other devices that need full LAN and Internet access", are these wifi devices, or are they wired devices with cables plugged into your distant network switch?

    Jeff

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy